Using Azure AD as your identity provider
To connect BigAnimal to Azure AD, you must either:
- Have one of the following roles in Azure:
  - Global Administrator
  - Cloud Application Administrator
  - Application Administrator
- Be the owner of the service principal
A unique URL and access code are provided in an email from firstname.lastname@example.org. Contact email@example.com if you don't receive the email. The URL becomes invalid after you set up your identity provider with BigAnimal. For issues with the code or identity provider setup, contact Support.
To access the Set Up Identity Provider page in BigAnimal, open the link in the email sent from firstname.lastname@example.org.
In a separate browser tab or window, log into the Azure Active Directory Admin Center.
From the left navigation pane, select Enterprise Applications. On the Enterprise Applications page:
Select New application > Create your own application.
Enter a name for your application.
Select the third choice for what you intend to do with your application: Integrate any other application you don’t find in the gallery (Non-gallery).
After the application is created, from the left navigation menu, select Single sign-on. On the Single sign-on page:
Select SAML as your single sign-on method.
Update the Basic SAML Configuration by copying and pasting the following information from the Set Up Identity Provider page in BigAnimal to the SAML Configuration menu in Azure AD:
| Copy from BigAnimal | Paste in SAML Configuration |
| --- | --- |
| Audience URI | Identifier (Entity ID) |
| Assertion Consumer Service URL | Reply URL |
Enter the configuration for Attributes & Claims. We recommend the following:
| Claim name | Value | Note |
| --- | --- | --- |
| Unique User Identifier (Name ID) | user.userprincipalname [nameid-format:emailAddress] | Required claim |
| <assertion_path>/emailaddress | user.mail | Additional claim |
| <assertion_path>/givenname | user.givenname | Additional claim |
| <assertion_path>/name | user.displayname | Additional claim |
| <assertion_path>/surname | user.surname | Additional claim |
Where <assertion_path> is http://schemas.xmlsoap.org/ws/2005/05/identity/claims.
Under SAML Signing Certificate, select Download for the Base64-encoded certificate.
Copy the Login URL value.
From the left navigation pane, select Properties. On the Properties page, if you don't want all of the users in Azure AD to use BigAnimal, answer No for the Assignment required? question. Otherwise, answer Yes and assign the specified users to this Enterprise Application explicitly on the Users and Groups page.
On the Setup Config tab on the Set Up Identity Provider page in BigAnimal:
- Paste the Login URL value you copied from the Single sign-on page in Azure AD as the Single Sign-On URL.
- For Identity Provider Signature Certificate, upload the Base64-encoded certificate downloaded from Azure.
- Select the appropriate method for Request Binding. Azure AD supports HTTP-POST and Hybrid.
- Select the appropriate value for Response Signature Algorithm. Azure AD supports rsa-sha256 and rsa-sha1.
- Select Test Connection. If the connection is successful, select Sign in to BigAnimal to complete the setup process in the BigAnimal portal.
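
To confirm that the Azure AD side matches the settings in this procedure, a decoded assertion can be compared against them. The following is an added example, not BigAnimal or Azure code: `check_assertion`, `sample_assertion` and the `AUDIENCE` value are hypothetical names and placeholders, and the sample assertion is constructed. It checks the Name ID format, Audience URI, recommended claims and signature algorithm only; it does not verify the signature itself.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ASSERTION_PATH = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
CLAIMS = ("emailaddress", "givenname", "name", "surname")
AUDIENCE = "urn:example:biganimal-audience"  # placeholder, not a real Audience URI


def check_assertion(xml_text, audience_uri, sig_alg=RSA_SHA256):
    """Compare an assertion with the settings above; return a list of findings.

    Configuration check only: it does not verify the XML signature.
    """
    root = ET.fromstring(xml_text)
    findings = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        findings.append("NameID missing or not nameid-format:emailAddress")
    if audience_uri not in [a.text for a in root.findall(".//saml:Audience", NS)]:
        findings.append("Audience does not match the Audience URI")
    names = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    findings += [f"missing claim: {c}" for c in CLAIMS
                 if f"{ASSERTION_PATH}/{c}" not in names]
    method = root.find(".//ds:SignatureMethod", NS)
    if method is None:
        findings.append("no signature present")
    elif method.get("Algorithm") != sig_alg:
        findings.append("signature algorithm differs from the selected value")
    return findings


def sample_assertion(sig_alg=RSA_SHA256, claims=CLAIMS):
    """Constructed sample (hypothetical audience and user, no real signature)."""
    attrs = "".join(f'<Attribute Name="{ASSERTION_PATH}/{c}">'
                    f"<AttributeValue>x</AttributeValue></Attribute>" for c in claims)
    return (f'<Assertion xmlns="{NS["saml"]}"><Signature xmlns="{NS["ds"]}">'
            f'<SignedInfo><SignatureMethod Algorithm="{sig_alg}"/></SignedInfo>'
            f'</Signature><Subject><NameID Format="{EMAIL_FORMAT}">'
            "user@example.com</NameID></Subject><Conditions><AudienceRestriction>"
            f"<Audience>{AUDIENCE}</Audience></AudienceRestriction></Conditions>"
            f"<AttributeStatement>{attrs}</AttributeStatement></Assertion>")


if __name__ == "__main__":
    print(check_assertion(sample_assertion(), AUDIENCE))
    print(check_assertion(sample_assertion(RSA_SHA1, CLAIMS[:2]), AUDIENCE))
```

Pass `sig_alg=RSA_SHA1` if that is the Response Signature Algorithm selected in BigAnimal; an empty list means the assertion matches the configured values.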